Server Side configuration needs more information

[GeorgelT]

Hello,

we're trying to implement this plugin for our cyrus imap server that has roundcube as a client. We've been able to get it to be recognized as a plugin for sasl2, but the cyrus configuration as described is currently only hints.

Can we maybe get an actual example configuration or at least specify the variable where the listed flags need to go.

I can infer from the current description that I need to activate the following things as an example:

I need comment out this:

# Force PLAIN/LOGIN authentication only
# (you need to uncomment this if you are not using an auxprop-based SASL
# mechanism.  saslauthd users, that means you!). And pay attention to
# sasl_minimum_layer and allowapop below, too.
sasl_mech_list: PLAIN

I need to add:

sasl_pwcheck_method: saslauthd,auxprop

uncomment and edit:
sasl_auxprop_plugin: oauth2BearerTokens

But what do I do with xoauth2_scope? I don't have this flag in my cyrus imapd.conf file. Secondly what is the exact method name?

Plugin "xoauth2" [loaded], 	API version: 4
	SASL mechanism: XOAUTH2, best SSF: 0
	security flags: NO_ANONYMOUS|PASS_CREDENTIALS
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION

We tried both lowercase and uppercase as the method and in both cases it is not recognized by saslauthd:

Jun 11 15:26:03 saslauthd[26256]: Starting SASL Authentication Daemon: saslauthdsaslauthd[26275] :unknown authentication mechanism: XOAUTH2
Jun 11 15:26:03  saslauthd[26256]:  failed!

[facu-es]

Hi, I am in the same situation, have you had any progress?

[GeorgelT]

Unfortunately no, we've started looking into migrating to dovecote for imap as that has better ouath support. We tried a different cyrus plugin also, couldn't get that one working either. We're not there yet with dovecote either, we still need to migrate existing mailboxes, but at least we got oauth working with it and roundcube.

[facu-es]

Sorry to hear that.
Regarding the migration between IMAP servers, there is a very useful project, it's called imapsync and it even provides a Docker container with the application inside ready to use, it requires testing the parameters but with that tool I was able to migrate from Cyrus to Zimbra, the useful thing is that it accepts administrative accounts that read/write to all the boxes so the migration is very simple.

It could be useful for you, in my case the command was something similar to the following:

docker run --rm gilleslamiral/imapsync imapsync --nosyncacls --subscribe --syncinternaldates --skipsize --nofoldersizes --host1 ORIGINAL_IMAP_SERVER_IP --user1 "USER_TO_MIGRATE" --authuser1 "cyrus (OR OTHER cyrus ADMIN USER)" --password1 "PASSWORD_FOR_cyrus_ADMIN_USER" --ssl1 --host2 DESTINATION_SERVER_IP --user2 "USER_TO_MIGRATE@DEST_DOMAIN_NAME" --authuser2 ADMIN_USER_DEST_SERVER --password2 "ADMIN_USER_DEST_SERVER_PASSWORD" --ssl2 --f1f2 Spam=Junk --automap --regexflag 's/\\\\(?!Answered|Flagged|Deleted|Seen|Recent|Draft)[^\s]*\s*//ig' --regextrans2 's/^user.//' --regextrans2 's,:,-,g' --regextrans2 's,\",'\'',g' --regextrans2 's,\s+(?=/|$),,g' --regextrans2 's,^(Briefcase|Calendar|Contacts|Emailed Contacts|Notebook|Tasks)(?=/|$), $1 Folder,ig' --regextrans2 's,\",-,g' --regextrans2 's,&AAo-|&AA0ACg-|&AA0ACgANAAo-(?=/|$),,g'

These regular expressions are applied on the names of the boxes at the source to match what is expected at the destination, the original server is not altered.

Thank you for replying, I hope you find it useful.